play.stuff.co.nz

Issued by Amazon

About this certificate

This digital certificate with serial number 02:cf:f2:96:93:38:bb:15:1e:6b:d0:5a:d7:0a:3f:5a was issued on by Amazon.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=play.stuff.co.nz

Amazon

Organization: Amazon
Organization unit: Server CA 1B
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): 02:cf:f2:96:93:38:bb:15:1e:6b:d0:5a:d7:0a:3f:5a
Serial Number (int): 3738181714197881670548802367214206810
Serial Number lenght: 122 bits, 16 octets

SubjectKeyId: ec:33:c4:b0:fc:96:be:a1:fa:d3:a6:fb:67:6a:23:76:2e:0b:ba:8c
AuthorityKeyId: 59:a4:66:06:52:a0:7b:95:92:3c:a3:94:07:27:96:74:5b:f9:3d:d0

Fingerprint (sha1): a8:24:81:c1:65:f9:ab:0a:a4:6a:03:d3:4b:17:06:0e:e6:12:3e:ae
Fingerprint (sha256): 42:39:ab:2d:13:24:3c:14:c1:08:89:b4:f6:db:e1:ae:d7:5f:7a:53:ad:96:90:c1:aa:39:3e:e3:cc:3d:ce:04

Issuing Certificate URL: http://crt.sca1b.amazontrust.com/sca1b.crt

Revocation information

OCSP Server: http://ocsp.sca1b.amazontrust.com
CRL Distribution Point: http://crl.sca1b.amazontrust.com/sca1b.crl

Check the revocation status for certificate play.stuff.co.nz

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for play.stuff.co.nz

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

play.stuff.co.nz
stuff.viago.io

Other certificates including the domain name stuff.co.nz

(limited to 100 certificates)
*.stuff.co.nz
deaths.stuff.co.nz
composer.contentstaging.shift21.ffx.nz
popshop.stuff.co.nz
t.comms.stuff.co.nz
coupons.stuff.co.nz
*.stuff.co.nz
*.stuff.co.nz
www.communications.stuff.co.nz
www.stuff.co.nz
coupons.stuff.co.nz
www.stuff.co.nz
social.stuff.co.nz
shop.stuff.co.nz
*.stuff.co.nz
*.stuff.co.nz
events.stuff.co.nz
www.stuff.co.nz
coupons.stuff.co.nz
stuff.co.nz
*.preprod.stuff.co.nz
stuff.co.nz
www.stuff.co.nz
www.stuff.co.nz
*.stuff.co.nz
playwidget.stuff.co.nz
somniture.stuff.co.nz
somniture.stuff.co.nz
devices.play.stuff.co.nz
my.preprod.stuff.co.nz
prospective2.shared.global.fastly.net
*.stuff.co.nz
www.stuff.co.nz
subscribers.theage.com.au
*.stuff.co.nz
prospective2.shared.global.fastly.net
*.fairfaxmedia.com.au
prospective2.shared.global.fastly.net
*.stuff.co.nz
stuff.co.nz
*.preprod.stuff.co.nz
prospective2.shared.global.fastly.net
test.communications.stuff.co.nz
ssl470690.cloudflaressl.com
pressphotocomp.stuff.co.nz
www.stuff.co.nz
*.stuff.co.nz
www.stuff.co.nz
prospective2.shared.global.fastly.net
www.stuff.co.nz
*.stuff.co.nz
prospective2.shared.global.fastly.net
prospective2.shared.global.fastly.net
analytics.stuff.co.nz
prospective2.shared.global.fastly.net
somniture.stuff.co.nz
*.preprod.stuff.co.nz
shop.stuff.co.nz
*.preprod.stuff.co.nz
prospective2.shared.global.fastly.net
deaths.stuff.co.nz
www.communications.stuff.co.nz
www.stuff.co.nz
*.stuff.co.nz
prospective2.shared.global.fastly.net
*.idm.stuff.co.nz
stuff.co.nz
www.stuff.co.nz
www.stuff.co.nz
pressfanzone.stuff.co.nz
www.stuff.co.nz
*.preprod.stuff.co.nz
shop.stuff.co.nz
*.stuff.co.nz
events.stuff.co.nz
*.stuff.co.nz
stuff.co.nz
shop.stuff.co.nz
www.stuff.co.nz
www.stuff.co.nz
ssl470689.cloudflaressl.com
www.communications.stuff.co.nz
somniture.stuff.co.nz
stuff.co.nz
*.stuff.co.nz
deaths.stuff.co.nz
stuff.co.nz
knowthecrew.stuff.co.nz
prospective2.shared.global.fastly.net
play.stuff.co.nz
popshop.stuff.co.nz
www.stuff.co.nz
shop.stuff.co.nz
*.preprod.stuff.co.nz
stuff.co.nz
www.stuff.co.nz
www.stuff.co.nz
playwidget.stuff.co.nz
prospective2.shared.global.fastly.net
*.stuff.co.nz

Certificate

The complete raw certificate details for play.stuff.co.nz in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIQAs/ylpM4uxUea9Ba1wo/WjANBgkqhkiG9w0BAQsFADBG
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg
Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0xOTA3MDkwMDAwMDBaFw0yMDA4MDkx
MjAwMDBaMBsxGTAXBgNVBAMTEHBsYXkuc3R1ZmYuY28ubnowggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCSuNiBBTYYruX/md805+jovXvVyqtffMsIL9kQ
UCWk+CrhCBVYw/3Vjw+oQEK3U9AovpMSJXuvAoXp8gHEI8z9YIlIzMaE2sCeQvEn
ani+xyyKL3yks0pKbXnEaTzg++a0oVTbKhXcFIEhZ6SlfeeZbHEtFQVi+jJ3zOEa
YCA/l9Xe0UveS4bgFCrRqE+4wX2/FJ7lFVmLQ2mnFoyKIDjtblTbGD6mw5RUMmwU
/RyxbNylpKQ+5BbkfpV5tTpFCSxxhtG6bPEVkLExAlyty7y6k6IZheFAHFC79DXr
F3cPqMAXhpv4uZ99CXmgvwT1uE+LTtMJk2s8lVkq2kpD7sSRAgMBAAGjggKNMIIC
iTAfBgNVHSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQU7DPE
sPyWvqH606b7Z2ojdi4LuowwKwYDVR0RBCQwIoIQcGxheS5zdHVmZi5jby5ueoIO
c3R1ZmYudmlhZ28uaW8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnNjYTFi
LmFtYXpvbnRydXN0LmNvbS9zY2ExYi5jcmwwIAYDVR0gBBkwFzALBglghkgBhv1s
AQIwCAYGZ4EMAQIBMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcwAYYhaHR0cDov
L29jc3Auc2NhMWIuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAChipodHRwOi8v
Y3J0LnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi5jcnQwDAYDVR0TAQH/BAIw
ADCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AO5Lvbd1zmC64UJpH6vhnmajD35f
sHLYgwDEe4l6qP3LAAABa9ZaFaAAAAQDAEgwRgIhAOwKTtNz18P0FfkyiyYkPMR5
nYj7YD9EN2VkzED8rAdhAiEAone8GwhToM8DkjLlYKIN8fCRyXb5tggZOZazdPar
NNEAdgCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWvWWhXzAAAE
AwBHMEUCIDRAf9FmxcQtXk7ny8oXO3Rn4NcTY2sfu+VWWfKeSjapAiEAgUzbwkIy
/L0NUKVrnZroHLnE+HYTQztEobVuIobaywQwDQYJKoZIhvcNAQELBQADggEBAA7U
khWf6qdlimcHf2b8ac8j4efg6ZEwunWb53lJDW2x0jPxcS8mvdznv5CFDQ2lVS5L
wTEeyCFUydCcS+H/C1RM7ZXszudjHu+rQtnnDvWdP75ccwXfJkWWcA88ZdTCcEt5
NJGcS1dc8XbONADmParsGHxcP2gK8f6iL1MDjM9ecKljSHiajJQr67hCgD9KQGdH
bXs54AHqNzchjCJLpd5AcUCDQ07eLRhjTa1sB8lVGNdBDg2h0ekvNuq7jxV0wwvz
OiXQFM5k7cEVlkWyyXP1fnHjCBgPKZAgiwbopb4h9+iP353mcsEYP2uTCF0IZvC8
yC1NP3EvrOOgEIdYZ6k=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrjYgQU2GK7l/5nfNOfo
6L171cqrX3zLCC/ZEFAlpPgq4QgVWMP91Y8PqEBCt1PQKL6TEiV7rwKF6fIBxCPM
/WCJSMzGhNrAnkLxJ2p4vscsii98pLNKSm15xGk84PvmtKFU2yoV3BSBIWekpX3n
mWxxLRUFYvoyd8zhGmAgP5fV3tFL3kuG4BQq0ahPuMF9vxSe5RVZi0NppxaMiiA4
7W5U2xg+psOUVDJsFP0csWzcpaSkPuQW5H6VebU6RQkscYbRumzxFZCxMQJcrcu8
upOiGYXhQBxQu/Q16xd3D6jAF4ab+LmffQl5oL8E9bhPi07TCZNrPJVZKtpKQ+7E
kQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3738181714197881670548802367214206810
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Server CA 1B'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Amazon'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-09 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-08-09 12:00:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'play.stuff.co.nz'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18521943346170398338795656668237785327746993147291700308828460163031185624434638157187662400478089749646931375844784837783075489276928777725226532847661916894915036459882146509775905796114282244086547319616697839951550274935519210102781476168235867193214548911573474933762026671174613834529969056459584977214834577330553805119973855759578814351113660695259915307927784869870653812893178035105075907260743551638513480384119352908256769280894762651034961675271826728194770372668432770553996535481680530032426715040005272359717679601549544672138152849724659396485047488020247853613917478804201368126273070947888700245137
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 59a4660652a07b95923ca394072796745bf93dd0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ec33c4b0fc96bea1fad3a6fb676a23762e0bba8c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (36 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'play.stuff.co.nz'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stuff.viago.io'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (52 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.sca1b.amazontrust.com/sca1b.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (25 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.840.1.114412.1.2 (digiCertDVCert)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.sca1b.amazontrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.sca1b.amazontrust.com/sca1b.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (246 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (243 bytes)
							00f1007700ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016bd65a15a00000040300483046022100ec0a4ed373d7c3f415f9328b26243cc4799d88fb603f44376564cc40fcac0761022100a277bc1b0853a0cf039232e560a20df1f091c976f9b608193996b374f6ab34d10076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000016bd65a15f30000040300473045022034407fd166c5c42d5e4ee7cbca173b7467e0d713636b1fbbe55659f29e4a36a9022100814cdbc24232fcbd0d50a56b9d9ae81cb9c4f87613433b44a1b56e2286dacb04
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		000ed492159feaa7658a67077f66fc69cf23e1e7e0e99130ba759be779490d6db1d233f1712f26bddce7bf90850d0da5552e4bc1311ec82154c9d09c4be1ff0b544ced95eccee7631eefab42d9e70ef59d3fbe5c7305df264596700f3c65d4c2704b7934919c4b575cf176ce3400e63daaec187c5c3f680af1fea22f53038ccf5e70a96348789a8c942bebb842803f4a4067476d7b39e001ea3737218c224ba5de40714083434ede2d18634dad6c07c95518d7410e0da1d1e92f36eabb8f1574c30bf33a25d014ce64edc1159645b2c973f57e71e308180f2990208b06e8a5be21f7e88fdf9de672c1183f6b93085d0866f0bcc82d4d3f712face3a010875867a9